Chief information officers need to take a leading role
in setting up formal schemes to stop them over-complicating
information classification to comply with security regulations,
according to a report from theInformation
Security Forum(ISF).
The ISF said that information classification systems were too
complex. "As a result they rarely deliver business benefits and are
often simply ignored," it said.
Good information classification prevents over-complicating
controls and cuts the costs and resources needed to protect
information, said the report.
The ISF said participation was essential from human resources,
legal, IT and audit, along with board support. "Having senior
managers with a shared strategic vision and understanding of
information classification and the value it can deliver is critical
to overcome budgetary and organisational issues. It is also vital
to run a successful pilot project to show a 'quick win' to
demonstrate the benefits," said Nick Frost at the ISF who wrote the
report.
